Book Image

Twilio Best Practices

Book Image

Twilio Best Practices

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Twilio Best Practices
Dec, 2014 | 178 pages
No titles found
Table of Contents (15 chapters)
Twilio Best Practices
Twilio Best Practices
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Working with TwiML
Working with TwiML
Where in my application will I be using TwiML?
Getting started with TwiML
Digging deeper – Twilio's requests
The world of TwiML verbs
Best practices for working with TwiML
Summary
2
Exploring the REST API
Exploring the REST API
What is the Twilio REST API?
Interacting with the API
Getting started with the Twilio PHP library
Getting started with Postman
Mastering call-related APIs
Mastering messaging APIs
Working with phone numbers, accounts, and usage
Summary
3
Calling in the Browser with Twilio Client
Calling in the Browser with Twilio Client
What is Twilio Client?
Where can I use Twilio Client?
How does Twilio Client work?
Adding Twilio Client to your web applications
Receiving incoming calls in the browser
Getting started with Twilio Client on iOS and Android
Summary
4
Twilio in the Real World
Twilio in the Real World
The callback request tool
The conference calling tool
And you're done!
Summary
5
Twilio in your language
Twilio in your language
PHP – a recap
Ruby
Python
C#
Java
Node.js
Apex for Salesforce.com
Summary
6
Securing your Twilio App
Securing your Twilio App
Enabling two-factor authentication
Verifying that requests are from Twilio
Building a circuit breaker
Summary
7
Testing, Debugging, and Deploying Twilio Apps
Testing, Debugging, and Deploying Twilio Apps
The power of flowcharts
Using the App Monitor
Using the Request Inspector
Fixing common errors
Summary
8
Online Resources
Online Resources
Hosting providers
Web frameworks
Automated testing
Using flowcharts
What next?
Index
Index

Verifying that requests are from Twilio

If parties other than Twilio are able to make requests to your application, they can potentially change and corrupt data or access sensitive information.

Without authentication measures, if an attacker was able to guess the URLs of the endpoints on your application that Twilio hits with its webhooks, they could wreak havoc. For instance, they could spoof fake SMS messages so that they appear to come from users or they could access the private phones numbers of users they should only be able to call through a public line you provide.

There are two routes you can take to prevent this, ensuring with a reasonable degree of certainty that a request genuinely comes from Twilio:

  • Set up HTTP Basic Authentication

  • Verify the signature of requests to ensure they're signed by Twilio

HTTP Basic Authentication

HTTP Basic Authentication simply allows you to require a username and password to access your web server's resources.

If you're working with PHP, you'll want to...

Previous Section
End of Section 3
Next Section